This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.
The Solaris Cryptographic Framework provides cryptographic services to applications. Applications can access the framework through libpkcs11(3LIB) and at higher levels.
The Solaris Cryptographic Framework provides the following features for developers of applications that use encryption:
- User-level programming interfaces for various cryptographic functions. These interfaces cover, for example, encryption, decryption, message digests, and signing. The industry standard, RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki), serves as the API.
  The framework supports the following encryption algorithms:
  - AES
  - DES/3DES
  - RC4
  - MD5
  - SHA-1
  - DSA
  - RSA
  - D-H
- User-level pluggable interfaces for Sun and third-party developers. These interfaces enable administrators to add new plug-ins from providers of encryption algorithms at the user level. Administrators can replace an existing provider with a different implementation. The user service provider interface (SPI) also uses the PKCS #11 standard. Tools for signing, packaging, and installing third-party binaries are provided.
- An optimized software implementation of the most commonly used encryption and digital signing algorithms, such as AES, DES/3DES, and RSA. These implementations have been optimized for the SPARC platform and UltraSPARC platform.
- An administrative CLI tool, cryptoadm, for adding or removing encryption plug-ins, setting cryptographic security policy, and other related administrative functions. See the cryptoadm(1M) man page.
See the following man pages: libpkcs11(3LIB), pkcs11_softtoken(5) and pkcs11_kernel(5). See also Solaris Cryptographic Framework for System Administrators.
Vendors of software or hardware cryptographic accelerators who are interested in supplying plug-ins to the Solaris cryptographic framework should contact Sun Microsystems for more details.